Hashing

General Idea

Irreversible, one-way computation which converts a message of any length into a fixed-length hash value.
The original message should not be recoverable from the hash value (preimage resistance).
It should be infeasible to find two different messages with the same hash value (collision resistance), and a single bit flip in the original message should change about half of the output bits (avalanche effect), so the hash of a slightly modified message looks completely unrelated to the original.
Modern hash functions such as SHA-2 are built from bitwise operations, rotations and addition modulo 2^32 or 2^64, not from modular arithmetic over primes; primes only show up in how the constants are chosen (SHA-256 takes its initial values and round constants from the fractional parts of the square and cube roots of the first primes).

Comparison of some hash functions

CRCs are not hash functions in the cryptographic sense: a CRC is a linear checksum that detects accidental corruption (bit flips on the wire), but anyone can modify a message and recompute the CRC, so it gives no protection against deliberate tampering. It is still widely used for integrity against transmission errors (Ethernet frame check sequence, ZIP, PNG).

Category                         CRC32     SHA       Bcrypt/Argon2
Security against known attacks   Lowest    Medium    Highest
Computation                      Fastest   Medium    Slowest

SHA: A family of hash functions (SHA-1, SHA-2, SHA-3). SHA-1 is one of the oldest and is now broken for collision resistance, so in practice "SHA" means SHA-2 (SHA-256, SHA-384). In TLS it is the hash inside HMAC (record protection in TLS 1.2 and earlier, HKDF and the Finished messages in TLS 1.3) and inside the handshake signatures. It is also used to check file integrity after downloading from the internet; that only helps if the expected hash comes from somewhere the attacker cannot also modify (e.g. a signed release file), otherwise a compromised server simply replaces both the file and its hash.

Argon2/Bcrypt: Purposefully slow (Argon2 is also memory-hard) to make brute-force cracking expensive; each password gets its own random salt so equal passwords do not produce equal hashes and precomputed tables are useless. Used to store passwords.

HMAC


Hash-based Message Authentication Code (HMAC) builds a message authentication code from any cryptographic hash function, typically SHA-2, and a secret key.

The idea is to pad the shared secret key to the hash's block size and XOR it with two fixed constants (ipad = 0x36 repeated, opad = 0x5c repeated) to get two subkeys, then hash twice: HMAC(K, m) = H((K xor opad) || H((K xor ipad) || m)). The nested hash is what defeats length-extension attacks against the naive H(K || m). The MAC key should be a separate key from the encryption key (both derived from the shared secret with a KDF), not the encryption key reused.

At the receiving end, the MAC is recalculated from the shared secret key and the received message and compared, in constant time, with the HMAC passed along with the cipher text. If it matches, the message is authentic and unmodified.
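The construction above written out, as an added example that is not part of the original notes: HMAC-SHA256 built from hashlib exactly as described (key padding, ipad/opad, nested hash), with a constant-time receiver-side check. Python's hmac module is used only to confirm the result; the key and message below are a published test vector (RFC 4231, test case 2).

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes 64-byte blocks; HMAC pads the key to this size


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC as in RFC 2104: H((K xor opad) || H((K xor ipad) || message))."""
    if len(key) > BLOCK_SIZE:               # keys longer than a block are hashed down first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")    # shorter keys are zero-padded to the block size
    inner_key = bytes(b ^ 0x36 for b in key)   # K xor ipad
    outer_key = bytes(b ^ 0x5C for b in key)   # K xor opad
    inner = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute and compare in constant time so that a forged tag
    cannot be guessed byte by byte through timing differences."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written version against Python's hmac module."""
    return hmac_sha256(key, message) == hmac.new(key, message, hashlib.sha256).digest()


# RFC 4231 test case 2 (HMAC-SHA256), copied from the RFC.
RFC4231_KEY = b"Jefe"
RFC4231_DATA = b"what do ya want for nothing?"
RFC4231_TAG = bytes.fromhex(
    "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843"
)


if __name__ == "__main__":
    print(hmac_sha256(RFC4231_KEY, RFC4231_DATA).hex())
    print(verify_tag(RFC4231_KEY, RFC4231_DATA, RFC4231_TAG))
    print(verify_tag(RFC4231_KEY, RFC4231_DATA + b"!", RFC4231_TAG))
```

Note that nothing in the computation depends on the hash being keyed internally: HMAC only needs a plain hash and a key, which is why it can be built on SHA-256, SHA-512 or any other Merkle-Damgard hash without changing the hash itself.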

Now, depending on what the MAC is computed over (plaintext or ciphertext) and in which order MAC and encryption are applied, there are 3 ways to combine a MAC with encryption: (Reference)

  1. Mac And Encrypt : The sender computes a MAC of the plaintext, encrypts the plaintext, and then appends the MAC to the ciphertext. Ek1(P) || MACk2(P). Not recommended: the MAC is deterministic and sent in the clear, so it reveals when two plaintexts are equal and may leak information about P.
  2. Mac Then Encrypt : The sender computes a MAC of the plaintext, then encrypts both the plaintext and the MAC. Ek1(P || MACk2(P)). The receiver has to decrypt before it can verify, so untrusted ciphertext reaches the decryption code; this is what TLS up to 1.2 did with its CBC cipher suites, and it is the root of the padding-oracle attacks against them.
  3. Encrypt Then Mac : The sender encrypts the plaintext, then appends a MAC of the ciphertext. Ek1(P) || MACk2(Ek1(P)). In all three schemes k1 and k2 must be independent keys.

As per the above reference article, Encrypt then Mac is the best option: the receiver verifies the MAC over the ciphertext first and only decrypts if it is valid, so forged or tampered ciphertext is rejected before the decryption code ever runs, and a MAC computed over ciphertext cannot leak anything about the plaintext. The MAC must also cover the IV/nonce and any header fields the receiver relies on, not just the ciphertext bytes.
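Encrypt-then-MAC end to end, as an added example that is not part of the original notes. The cipher is a constructed toy stream cipher (keystream = SHA-256(key || nonce || counter)) so the example runs with the standard library alone; it is there only to give the MAC something to cover and must not be used in real code, where AES-GCM or ChaCha20-Poly1305 replace the whole construction. The packet layout nonce || ciphertext || tag and the names seal/open_sealed are assumptions of this example.

```python
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 32   # HMAC-SHA256 output


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed toy stream cipher, illustration only (NOT secure):
    keystream block i = SHA-256(key || nonce || i), XORed onto the data."""
    stream = bytearray()
    for block_no in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + block_no.to_bytes(4, "big")).digest()
    return bytes(d ^ k for d, k in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: encrypt first, then MAC over nonce || ciphertext
    with a key that is independent of the encryption key."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key: bytes, mac_key: bytes, packet: bytes) -> bytes:
    """Verify the tag before the cipher is touched: a forged or modified packet
    is rejected without ever running the decryption code on it."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        raise ValueError("packet too short")
    nonce = packet[:NONCE_LEN]
    ciphertext = packet[NONCE_LEN:-TAG_LEN]
    tag = packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed: packet rejected before decryption")
    return _keystream_xor(enc_key, nonce, ciphertext)


def tamper_is_detected(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bool:
    """Flip one bit of the ciphertext in transit and confirm the receiver rejects it."""
    packet = bytearray(seal(enc_key, mac_key, plaintext))
    packet[NONCE_LEN] ^= 0x01          # first ciphertext byte
    try:
        open_sealed(enc_key, mac_key, bytes(packet))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)   # two roles, two keys
    message = b"transfer 100 to alice"                   # constructed sample message
    packet = seal(enc_key, mac_key, message)
    print(open_sealed(enc_key, mac_key, packet))
    print(tamper_is_detected(enc_key, mac_key, message))
```

With a stream cipher a flipped ciphertext bit flips the same plaintext bit, so without the MAC the receiver would happily decrypt "transfer 100 to alice" into a different amount; the MAC over the ciphertext is the only thing stopping that, and it is checked before any plaintext exists.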

Since TLS 1.3, HMAC is no longer used to protect records; the cipher suites are AEAD only, AES-GCM and ChaCha20-Poly1305, which provide authenticated encryption with associated data (AEAD). Both internally follow the Encrypt then Mac pattern: the authentication tag (GHASH for GCM, Poly1305 for ChaCha20) is computed over the ciphertext and the associated data, never over the plaintext, and is sent along with the cipher text. HMAC itself still appears in TLS 1.3, in HKDF and in the Finished messages.

HKDF

HMAC-based Key Derivation Function (HKDF, RFC 5869) is the key derivation function used in the TLS 1.3 key schedule to derive fixed-length symmetric keys (and IVs) from a secret, using HMAC as its only building block.

The secret is either

HKDF is the composition of two functions, HKDF-Extract and HKDF-Expand. Extract condenses the input keying material and an optional salt into one fixed-length pseudorandom key, PRK = HMAC(salt, IKM); Expand stretches that PRK into as many output bytes as needed, mixing in a context string (info) so that different purposes (client key, server key, IV) get independent keys from the same PRK.
Read the wiki to learn how it works in detail.
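Both stages written out, as an added example that is not part of the original notes: HKDF-Extract and HKDF-Expand with HMAC-SHA256, checked against test case 1 of RFC 5869 (the IKM, salt, info, PRK and OKM values below are copied from the RFC). The info labels "client key" and "server key" in the demo are constructed for illustration, not the labels TLS uses.

```python
import hashlib
import hmac
import math

HASH_LEN = hashlib.sha256().digest_size   # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-Hash(salt, IKM). The salt is the HMAC key;
    an absent salt is replaced by HashLen zero bytes (RFC 5869, section 2.2)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(1) = HMAC(PRK, info || 0x01), T(i) = HMAC(PRK, T(i-1) || info || i),
    OKM = first `length` bytes of T(1) || T(2) || ...  (at most 255 * HashLen bytes)."""
    if length > 255 * HASH_LEN:
        raise ValueError("length must be <= 255 * HashLen")
    okm, t = b"", b""
    for counter in range(1, math.ceil(length / HASH_LEN) + 1):
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """The full composition: Expand(Extract(salt, IKM), info, length)."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


# RFC 5869, appendix A, test case 1 (HMAC-SHA256), copied from the RFC.
RFC5869_CASE1 = {
    "ikm": bytes.fromhex("0b" * 22),
    "salt": bytes.fromhex("000102030405060708090a0b0c"),
    "info": bytes.fromhex("f0f1f2f3f4f5f6f7f8f9"),
    "length": 42,
    "prk": bytes.fromhex("077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"),
    "okm": bytes.fromhex("3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                         "34007208d5b887185865"),
}


def rfc5869_case1_passes() -> bool:
    """True if both stages reproduce the RFC's PRK and OKM."""
    v = RFC5869_CASE1
    prk = hkdf_extract(v["salt"], v["ikm"])
    return prk == v["prk"] and hkdf_expand(prk, v["info"], v["length"]) == v["okm"]


if __name__ == "__main__":
    print("RFC 5869 test case 1:", "ok" if rfc5869_case1_passes() else "MISMATCH")
    # Constructed demo: one shared secret, two independent keys via different info labels.
    prk = hkdf_extract(b"handshake salt", b"shared secret from key exchange")
    print("client key:", hkdf_expand(prk, b"client key", 32).hex())
    print("server key:", hkdf_expand(prk, b"server key", 32).hex())
```

The info string is the part people forget: it is what keeps the client and server keys (and keys and IVs) cryptographically independent even though they come from the same PRK, so every derived key should get a distinct, fixed label.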